tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: allow an empty attestation certificate returned by a 

security key enrollment - these are possible for tokens that only offer self-
attestation. This also needs support from the middleware.

ok markus@

OpenBSD-Commit-ID: 135eeeb937088ef6830a25ca0bbe678dfd2c57cc
This commit is contained in:
djm@openbsd.org 2019-11-12 22:38:19 +00:00 committed by Damien Miller
parent e44bb61824
commit fccff339ca
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ssh-sk.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-sk.c,v 1.9 2019/11/12 19:34:40 markus Exp $ */ /* $OpenBSD: ssh-sk.c,v 1.10 2019/11/12 22:38:19 djm Exp $ */
/* /*
* Copyright (c) 2019 Google LLC * Copyright (c) 2019 Google LLC
* *
@ -300,7 +300,8 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
} }
/* Check response validity */ /* Check response validity */
if (resp->public_key == NULL || resp->key_handle == NULL || if (resp->public_key == NULL || resp->key_handle == NULL ||
resp->signature == NULL || resp->attestation_cert == NULL) { resp->signature == NULL ||
(resp->attestation_cert == NULL && resp->attestation_cert_len != 0)) {
error("%s: sk_enroll response invalid", __func__); error("%s: sk_enroll response invalid", __func__);
r = SSH_ERR_INVALID_FORMAT; r = SSH_ERR_INVALID_FORMAT;
goto out; goto out;